RPC 111
Banner Grabbing with Netcat
nc -nv 10.11.1.72 111
Using Nmap for RPC Enumeration
Scan with NFS Scripts:
nmap -sV --script=nfs-* 192.168.101.130
SYN and UDP Scan with Default Scripts for Port 111:
nmap -sSUC -p 111 10.10.10.10
Scan Range for Port 111:
nmap -v -p 111 10.11.1.1-254
RPC Info Script Scan:
nmap -sV -p 111 --script=rpcinfo 10.11.1.1-254
Querying rpcbind
Find Services Registered with rpcbind:
rpcinfo -p 192.168.1.101
Using rpcinfo for RPC Services
Query RPC Info:
rpcinfo -p 192.168.101.130
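A defender-side review of the `rpcinfo -p` output above, as an added example that is not part of the original page: the hypothetical `rpc_review` helper groups registered programs by service and transport and tags the ones worth checking on your own hosts. The sample table is constructed and the tag names are this example's own.

```shell
# Constructed sample in the format printed by `rpcinfo -p` (not from a real host).
# The last row has no service name, as happens for unregistered program numbers.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100005    3   udp  20048  mountd
    100024    1   tcp  51000  status
    300019    1   tcp    900'

# rpc_review (hypothetical helper): reads `rpcinfo -p` output on stdin and prints
# one line per service/transport: "<tag> <service> <proto>/<port> vers=<list>".
rpc_review() {
  awk '
    $1 !~ /^[0-9]+$/ { next }                  # skip the header and blank lines
    {
      name = (NF >= 5) ? $5 : "prog-" $1       # unnamed program: fall back to its number
      key = name " " $3 "/" $4
      if (key in vers) vers[key] = vers[key] "," $2
      else             vers[key] = $2
    }
    END {
      for (k in vers) {
        split(k, f, " ")
        tag = "INFO"
        if (f[1] == "portmapper") tag = "RESTRICT"        # limit who can reach port 111
        if (f[1] == "nfs" || f[1] == "mountd") tag = "CHECK-EXPORTS"
        if (f[1] ~ /^prog-/) tag = "UNKNOWN"               # identify before trusting
        print tag, k, "vers=" vers[k]
      }
    }' | LC_ALL=C sort
}

printf '%s\n' "$SAMPLE_RPCINFO" | rpc_review
```

On a live system, pipe the real output in instead of the sample, for example `rpcinfo -p 192.168.101.130 | rpc_review`.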
Null Session Access with rpcclient
Access with Null Credentials:
rpcclient -U "" -N 10.11.1.5
If connection is successful, try these commands:
srvinfo
enumdomusers
enumprivs
enumalsgroups domain
lookupnames administrators
querydominfo
queryuser redcliff
Mount NFS Shares
Show NFS Shares:
showmount -e 10.10.10.10
Mount NFS Share (example):
mkdir -p ~/home
sudo mount -o nolock 10.10.10.10:/home ~/home
cd ~/home && ls